[wp-trac] [WordPress Trac] #59656: Merge Performant Translations (Ginger MO)
WordPress Trac
noreply at wordpress.org
Wed Nov 22 11:03:48 UTC 2023
#59656: Merge Performant Translations (Ginger MO)
--------------------------------------+--------------------------
Reporter: swissspidy | Owner: swissspidy
Type: enhancement | Status: assigned
Priority: high | Milestone: 6.5
Component: I18N | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: performance
--------------------------------------+--------------------------
Comment (by swissspidy):
Note that the security aspect has been previously mentioned in the
[https://make.wordpress.org/core/2023/07/24/i18n-performance-analysis/
corresponding i18n performance analysis post].
The main takeaway is that installing translations is no different than
installing a plugin or theme, which can also execute arbitrary code. And
WordPress has always considered translations to be trusted.
The post does also mention a static analysis or checksum check for added
safety, though doing that at ''runtime'' (vs. at ''install'' time) will
negate the performance wins again. The latter would require additional
infrastructure for storing and retrieving checksums too.
Right now the "secure" mode is using the `translation_file_format` filter
to disable PHP file usage.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59656#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list